Reduce level of vulnerability on JRuby plugin

The JRuby plugin was using an old version of JRuby.
The version of JRuby is updated to the latest version, which
reduces the security vulnerability level. Some JRuby libraries
that are not used in the APEX PDP and that themselves have security
vulnerabilities are excluded.

Issue-ID: POLICY-905
Change-Id: I1c9d40c505849d8cab2778a4993dec9148504599
Signed-off-by: liamfallon <liam.fallon@ericsson.com>

diff --git a/plugins/plugins-executor/plugins-executor-jruby/pom.xml b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
index c9284a2..c9f72fc 100644 (file)
--- a/plugins/plugins-executor/plugins-executor-jruby/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
@@ -37,8 +37,22 @@
     <dependencies>
         <dependency>
             <groupId>org.jruby</groupId>
-            <artifactId>jruby-complete</artifactId>
-            <version>1.7.26</version>
+            <artifactId>jruby</artifactId>
+            <version>9.2.0.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.jruby.extras</groupId>
+                    <artifactId>bytelist</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jruby</groupId>
+                    <artifactId>dirgra</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jruby</groupId>
+                    <artifactId>jruby-stdlib</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
     </dependencies>
-</project>
\ No newline at end of file
+</project>